Anonymous / 9 months, 2 weeks ago

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 01-01-2017
Uruchomiony przez tosh (administrator)  TOSH-KOMPUTER (07-01-2017 00:24:41)
Uruchomiony z C:\Users\tosh\Desktop
Załadowane profile: tosh (Dostępne profile: tosh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{4D11AC05-3CA0-4269-8B44-C1DF8607E686}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUMD8E0.tmp\GoogleUpdate.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2779040829-2560980129-1208720812-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-2779040829-2560980129-1208720812-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2779040829-2560980129-1208720812-1000\...\MountPoints2: {94cd2dd6-43bd-11e4-96fc-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: Nie znaleziono pliku Hosts w domyślnym katalogu
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9161394B-15E7-4637-BAD0-E23E1E853782}: [DhcpNameServer] 192.168.1.1 192.168.1.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131130500954996664&GUID=AC5CBECD-CF1F-4FB9-89E5-07B6E96CC468
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131130500954996664&GUID=AC5CBECD-CF1F-4FB9-89E5-07B6E96CC468
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2779040829-2560980129-1208720812-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2779040829-2560980129-1208720812-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-04] (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-04] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-24] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2779040829-2560980129-1208720812-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tosh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-30] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.pl/"
CHR Profile: C:\Users\tosh\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Adblock Plus) - C:\Users\tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-30]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\tosh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls:  "hxxp://www.gazeta.pl/0,0.html?p=156" 
OPR Session Restore: -> [funkcja włączona]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-22] ()
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-23] (Hi-Rez Studios) [Brak podpisu cyfrowego]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-11-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-23] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-01] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2734152 2013-06-07] (Realtek Semiconductor Corporation                           )
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-12-22] (Duplex Secure Ltd.)
U3 atls5xtc; C:\Windows\System32\Drivers\atls5xtc.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
S3 cpuz134; \??\C:\Users\tosh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-07 00:24 - 2017-01-07 00:26 - 00014600 _____ C:\Users\tosh\Desktop\FRST.txt
2017-01-07 00:24 - 2017-01-07 00:24 - 07680000 _____ C:\Program Files (x86)\GUTD910.tmp
2017-01-07 00:24 - 2017-01-07 00:24 - 00000000 ____D C:\Program Files (x86)\GUMD8E0.tmp
2017-01-07 00:20 - 2017-01-07 00:24 - 00000000 ____D C:\FRST
2017-01-07 00:09 - 2017-01-07 00:09 - 02418176 _____ (Farbar) C:\Users\tosh\Desktop\FRST64.exe
2017-01-06 14:25 - 2017-01-06 14:25 - 03399374 _____ C:\Users\tosh\Desktop\zyczu-mc.jar
2016-12-29 15:52 - 2016-12-29 15:52 - 00000222 _____ C:\Users\tosh\Desktop\S.K.I.L.L. - Special Force 2.url
2016-12-27 15:32 - 2016-12-27 15:33 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2016-12-27 15:32 - 2016-12-27 15:32 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2016-12-27 15:32 - 2016-12-27 15:32 - 00000000 ____D C:\Users\tosh\Downloads\Gameforge Live
2016-12-27 15:28 - 2016-12-27 15:30 - 20283128 _____ (Gameforge ) C:\Users\tosh\Desktop\SKILL_GameforgeLiveSetup.exe
2016-12-12 22:56 - 2016-12-12 22:56 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-12-12 22:56 - 2016-12-12 22:56 - 00000000 ____D C:\ProgramData\Adobe
2016-12-12 22:55 - 2016-12-12 23:04 - 78847776 _____ (Adobe Systems Incorporated) C:\Users\tosh\Downloads\Adobe Photoshop CC 2015.0.1 [1].exe
2016-12-12 22:53 - 2016-12-12 22:53 - 00000000 ____D C:\ProgramData\McAfee
2016-12-12 22:53 - 2016-12-12 22:53 - 00000000 ____D C:\Program Files\McAfee
2016-12-12 22:53 - 2016-12-12 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-12 22:20 - 2016-12-12 22:20 - 00000000 ____D C:\Users\tosh\AppData\Local\Chromium
2016-12-08 20:42 - 2016-12-08 20:42 - 00001128 _____ C:\Users\tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-12-08 20:42 - 2016-12-08 20:42 - 00000000 ____D C:\Users\tosh\AppData\Local\TeamSpeak 3 Client
2016-12-08 20:39 - 2016-12-08 20:39 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-12-08 14:41 - 2016-12-08 14:41 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-07 00:25 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-07 00:25 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-07 00:24 - 2014-09-24 11:20 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-07 00:18 - 2011-04-12 14:21 - 22686316 _____ C:\Windows\system32\perfh015.dat
2017-01-07 00:18 - 2011-04-12 14:21 - 07974124 _____ C:\Windows\system32\perfc015.dat
2017-01-07 00:18 - 2009-07-14 06:13 - 00006616 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-07 00:12 - 2016-10-02 08:31 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-07 00:12 - 2015-06-01 21:25 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-07 00:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-07 00:07 - 2015-04-25 20:16 - 00000000 ____D C:\AdwCleaner
2017-01-07 00:07 - 2014-09-24 11:20 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-07 00:04 - 2015-03-26 14:23 - 00000000 ____D C:\Windows\pss
2017-01-07 00:03 - 2016-11-02 17:37 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-06 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-04 18:19 - 2015-06-19 11:13 - 00000000 ____D C:\Users\tosh\AppData\Roaming\foobar2000
2017-01-04 17:43 - 2014-09-26 17:43 - 00000000 ____D C:\Users\tosh\AppData\Roaming\Skype
2017-01-01 04:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-01 01:24 - 2016-11-02 17:37 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-30 14:55 - 2015-08-19 19:32 - 00000000 ____D C:\Users\tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-27 15:33 - 2015-03-06 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-12-27 15:32 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-26 01:14 - 2016-08-15 13:52 - 00524288 ___SH C:\Windows\system32\config\components{ffcc0c32-62e4-11e6-a939-00266c029193}.TMContainer00000000000000000002.regtrans-ms
2016-12-26 01:14 - 2016-08-15 13:52 - 00065536 ___SH C:\Windows\system32\config\components{ffcc0c32-62e4-11e6-a939-00266c029193}.TM.blf
2016-12-26 00:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-22 21:29 - 2016-11-27 21:45 - 00000000 ____D C:\Users\tosh\Documents\TrackMania
2016-12-22 21:23 - 2016-11-27 21:45 - 00000000 ____D C:\ProgramData\TrackMania
2016-12-19 20:44 - 2016-11-28 16:20 - 00000000 ____D C:\Users\tosh\Documents\American Truck Simulator
2016-12-17 13:32 - 2016-07-30 16:29 - 00000000 ____D C:\Users\tosh\AppData\Local\Diagnostics
2016-12-16 13:09 - 2016-11-02 17:37 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-16 13:09 - 2016-11-02 17:37 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-16 13:09 - 2016-11-02 17:37 - 00003994 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-16 13:09 - 2016-11-02 17:37 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-16 13:09 - 2016-11-02 17:37 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-16 13:09 - 2014-09-24 09:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-16 13:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-13 15:23 - 2015-06-29 14:50 - 00000000 ____D C:\Users\tosh\AppData\Roaming\uTorrent
2016-12-13 15:23 - 2014-09-24 08:47 - 00000000 ____D C:\Users\tosh\AppData\LocalLow
2016-12-12 22:57 - 2016-11-02 17:36 - 00000000 ____D C:\Users\tosh\AppData\Local\Adobe
2016-12-12 22:56 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-12 22:56 - 2009-07-14 04:20 - 00000000 ___HD C:\ProgramData
2016-12-12 22:55 - 2014-09-24 08:47 - 00000000 ___RD C:\Users\tosh\Videos
2016-12-12 22:55 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-12 22:53 - 2009-07-14 04:20 - 00000000 ___RD C:\Program Files
2016-12-12 22:20 - 2015-06-01 21:31 - 00000000 ____D C:\Users\tosh\AppData\Local\Steam
2016-12-08 20:42 - 2014-09-24 08:47 - 00000000 ___RD C:\Users\tosh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-08 20:39 - 2016-10-07 15:38 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2017-01-07 00:24 - 2017-01-07 00:24 - 7680000 _____ () C:\Program Files (x86)\GUTD910.tmp
2014-09-24 09:30 - 2015-06-18 13:42 - 0000385 _____ () C:\Users\tosh\AppData\Roaming\burnaware.ini
2014-10-05 11:31 - 2014-10-05 11:31 - 0003584 _____ () C:\Users\tosh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-21 19:08 - 2016-10-21 19:08 - 0001592 _____ () C:\Users\tosh\AppData\Local\recently-used.xbel
2016-10-14 09:00 - 2016-10-14 09:00 - 0000016 _____ () C:\ProgramData\mntemp

Niektóre pliki w TEMP:
====================
C:\Users\tosh\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
C:\Users\tosh\AppData\Local\Temp\fa4d3d52d83006a7a900be5d59eb6a32.dll
C:\Users\tosh\AppData\Local\Temp\libeay32.dll
C:\Users\tosh\AppData\Local\Temp\msvcr120.dll
C:\Users\tosh\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-12-26 00:52

==================== Koniec  FRST.txt ============================